What is geofencing?
Federal judges in the United States are starting to push back against police requests for “geofence warrants”, citing constitutional concerns. In this short article, we’ll introduce you to the issue, tell you what it means for your privacy, and explain how you can limit the ability of the government (and others) to track you.
What is geofencing?
Broadly speaking, geofencing refers to the practice of creating a virtual boundary around a real-world physical area. The technique is often used by marketers and advertisers who want to show more relevant ads or offer tailored suggestions to people in a specific geographic location (for example, by serving ads or special offers for a nearby business). Geofencing works by using location data gleaned from mobile devices, which can come from a number of different sources, including GPS, Bluetooth, RFID, and Wi-Fi data.
What are geofence warrants?
Geofence warrants (sometimes called “reverse location searches”) are official requests by law enforcement authorities to access the device location data gathered by large tech companies like Google. The warrants specify a time and geographic area, and require the companies to turn over information on any devices that were in that area at that time. While this data is typically anonymized, it can be used in conjunction with other investigative techniques to tie devices to specific users—and identify persons of interest in a criminal investigation. The practice appears to be on the rise, and while Google seems to receive the most requests from law enforcement, reports indicate that multiple tech companies are involved.
What’s wrong with geofence warrants?
Geofence warrants are, arguably, a legitimate tool that helps law enforcement identify suspects in serious crimes when other avenues of investigation have failed. However, opponents of reverse location searches point out that they may implicate innocent people in crimes simply because someone else was using their phone: In 2018, an Arizona man was jailed in a murder investigation for nearly a week in that exact scenario. There are serious privacy and legal concerns about the practice as well—and this has now been acknowledged by several judges tasked with reviewing geofence warrant requests.
What the law says
Federal court judges in Chicago recently rejected police requests for geofence warrants on the grounds that they were overly broad and most likely unconstitutional, saying that they appeared to violate the Fourth Amendment’s probable cause and particularity requirements. One of the judges made it very clear, in his written opinion, that the stakes went beyond the immediate case, calling out the government’s “undisciplined…overuse” of geofence warrants as a threat to “our collective sense of privacy and trust in law enforcement officials”.
While these court decisions were seen by many as a victory for privacy, the issue is not settled, and will likely require further judicial review.
How to protect your privacy
Reasonable people may disagree about the legality or desirability of law enforcement using geofence warrants in criminal investigations. But the debate itself highlights an important privacy implication for everyday mobile users: namely, that our phones and tablets are giving away our location data to any number of apps, services, and tech companies.
If that concerns you, the good news is that there are some steps you can take to protect your privacy, and in iOS 14 it’s easier than ever to limit how much of your data is being shared with third parties:
Deny apps permission to track
In iOS 14, if an app wants to track you, it first has to ask. It may be best to say “no” to these requests to track by default. If you decide to allow an app to access your location or other data in the future, you can always grant this on a per-app basis in the relevant sections of the Settings > Privacy menu.
To prevent apps from even asking if they can track you, go to Settings > Privacy > Tracking > and toggle the Allow Apps to Request to Track setting to Off.
Limit location data access
You may not want to completely disable Location Services, but it’s probably wise to restrict access to only those apps that truly need it, and only when you’re actually using them.
To see a list of apps and the location permissions they have, go to Settings > Privacy > Location Services and click on the app you want to inspect. There are three possible settings for location access: Never, Ask Next Time, and While Using the App. Rule of thumb: If an app doesn’t have a good reason to access your location, don’t share your data.
In addition, iOS 14 allows you to give apps your approximate location only, rather than your exact location. This means that the app will be able to see that you are, for example, somewhere in New York, but not that you’re standing at the corner of 5th Avenue and East 58th Street — which can be helpful when using things like news and weather apps that need to know where you are in the world, but not to within a few feet.
Go to Settings > Privacy > Location Services and for each app you’ll see a toggle switch for Precise Location. If you only want to share your approximate location with that app, just set this to Off.
Limit Bluetooth data access
Bluetooth data can also be used to determine your location, and so should be treated with caution. Some people prefer to disable Bluetooth altogether, which can be done at Settings > Bluetooth, and this may be a perfectly reasonable option for those who don’t actually make use of the functionality. However, it’s also possible to allow limited Bluetooth access for select apps only. To see these options, go to Settings > Privacy > Bluetooth to see a list of apps that have previously requested Bluetooth access. To grant Bluetooth access to an app, toggle the switch to On; to deny it, toggle the switch to Off. As with Location Services, let common sense be your guide. An app for a wearable device that you control with your iPhone may genuinely need Bluetooth access; a social media or photo editing app probably doesn’t need it.
Use private Wi-Fi addresses
This feature is enabled by default on iOS 14, so there’s not much to say here except that you shouldn’t disable it! Whenever you join a new Wi-Fi network, your iOS device will identify itself to that network using a unique MAC (media access control) address. This helps to anonymize your device as you connect to different Wi-Fi networks — since it’s joining each of them with a different identifier number, it will be harder for network observers to figure out that two or more of these numbers actually belong to the same device
To see these settings, go to Settings > Wi-Fi and tap the information symbol next to any network. The Private Address option will be toggled to On by default.
Disable tracking in Google accounts
If you have a Google account, there are some hidden location tracking settings that you should know about — and that you can disable at an account level, instead of on just one device. In iOS, from the Google app go to Google Account > Personal info & privacy > My Activity. Here you’ll find two settings that affect how Google collects location data. One is pretty clear: Location History. But the other may not be so obvious: Web & App Activity. This second setting controls another way that Google collects data on your device (including location data), even after you’ve paused your Location History. Switch off Location History and Web & App Activity if you’re concerned about Google tracking your location. And at the risk of sounding partisan, you may want to consider Apple alternatives to Google services, as these will generally handle user privacy better than Google.